Spin up vulnerable targets from your terminal π―
Caution
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating. vt creates intentionally vulnerable environments - always run in isolated networks (VMs/sandboxes) and never expose to the internet.
- Features
- Installation
- Quick Start
- Usage
- Templates
- Playbooks
- What can you do with vt?
- Documentation
- Star History
- Contributors
- Community
- License
| Feature | Description | |
|---|---|---|
| π³ | Docker Compose | Container orchestration for vulnerable environments |
| π¦ | Templates | Community-curated vulnerable targets from vt-templates |
| π | Playbooks | Group multiple templates into training scenarios and run them together |
| π | State Tracking | Track and manage running deployments |
| π | Inspect | View detailed info (CVE, CVSS, CWE, PoC, remediation) for any template or playbook |
| π | Auto-Update | Sync templates from remote repository |
- Go 1.25.6+
- Docker & Docker Compose
go install github.com/happyhackingspace/vt/cmd/vt@latestgit clone https://github.com/HappyHackingSpace/vt.git
cd vt
go build -o vt cmd/vt/main.go
mv vt /usr/local/bin/ # Optional: add to PATH# 1. Browse available templates
vt template --list
# 2. Start a vulnerable environment
vt start --id vt-dvwa
# 3. Access the target at http://localhost:80Command Reference
Templates
| Command | Description |
|---|---|
vt template --list |
List all available templates |
vt template --list --filter <tag> |
Filter templates by tag |
vt template --update |
Update templates from remote repository |
Environments
| Command | Description |
|---|---|
vt start --id <template-id> |
Start a vulnerable environment |
vt stop --id <template-id> |
Stop an environment |
vt ps |
List all running environments |
vt inspect --id <template-id> |
Show full details for a template |
Playbooks
| Command | Description |
|---|---|
vt playbook list |
List all available playbooks |
vt playbook run --id <playbook-id> |
Start all templates in a playbook |
vt playbook stop --id <playbook-id> |
Stop all templates in a playbook |
Global Flags
| Flag | Values | Description |
|---|---|---|
-v, --verbosity |
debug info warn error fatal panic |
Set log verbosity (default: info) |
# List templates with SQL injection vulnerabilities
vt template --list --filter sqli
# Start DVWA (Damn Vulnerable Web App)
vt start --id vt-dvwa
# Inspect a template β see CVE, CVSS, CWE, PoC, and remediation steps
vt inspect --id vt-dvwa
# Check running environments
vt ps
# Stop a specific environment
vt stop --id vt-dvwa
# Run an entire playbook (multiple targets at once)
vt playbook run --id vt-pb-1
# List all available playbooks
vt playbook list
# Stop all targets in a playbook
vt playbook stop --id vt-pb-1Templates are automatically cloned to ~/vt-templates on first run.
| Template | Type | Description |
|---|---|---|
vt-dvwa |
Lab | Damn Vulnerable Web Application |
vt-juice-shop |
Lab | OWASP Juice Shop |
vt-webgoat |
Lab | OWASP WebGoat |
vt-bwapp |
Lab | Buggy Web Application |
vt-mutillidae-ii |
Lab | OWASP Mutillidae II |
Want more? Check out the vt-templates repository for all available templates and contribution guidelines.
Playbooks let you start multiple vulnerable targets in one command β useful for structured training sessions or red-team labs that require several services running simultaneously.
# See what playbooks are available
vt playbook list
# Launch every target in a playbook
vt playbook run --id vt-pb-1
# Tear down the whole playbook when done
vt playbook stop --id vt-pb-1Playbooks are defined as YAML files in the playbooks/ directory of the templates repository. Each playbook specifies an ordered list of template IDs. If one template fails to start, vt skips it, continues with the rest, and reports a summary of failures at the end.
| Use Case | Template |
|---|---|
| Practice SQL Injection | vt-dvwa |
| Learn XSS Exploitation | vt-dvwa |
| Test OWASP Top 10 | vt-juice-shop |
| Exploit Real CVEs | vt-2025-29927 |
| API Security Testing | vt-webgoat |
| Train Security Teams | vt-mutillidae-ii |
| Resource | Description | |
|---|---|---|
| π¦ | Templates | Browse all available templates |
| π€ | Contributing | Contribution guidelines |
| π | Issues | Report bugs or request features |
Recep Gunes |
Dogan Can Bakir |
Omar Kurt |
Ahsen |
Atilla |
mirackayikci |
numan |
- π¬ Discord: Join our community
- π Issues: Report bugs
- π€ Contributing: Check out CONTRIBUTING.md
This project is licensed under the MIT License - see the LICENSE.md file for details.
Happy Hacking! π―